# Enable mod_rewrite for this directory; every RewriteRule below depends on it.
RewriteEngine On

# Force HTTPS in production
# NOTE(review): the redirect below is commented out, so this file does not
# itself force HTTPS. Confirm TLS is enforced elsewhere (vhost, load balancer)
# before the login/register/admin routes are exposed.
# When enabling it: %{HTTP_HOST} comes from the client's Host header, so the
# redirect target is client-influenced unless the vhost pins the hostname; a
# fixed canonical hostname is safer. Behind a TLS-terminating proxy %{HTTPS}
# may always read "off" -- verify first to avoid a redirect loop.
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# Remove trailing slash
# Any request ending in "/" that is not an existing directory is answered with
# a permanent redirect to the same path without the slash.
# The target "/$1" is root-relative, so this assumes the file sits in the
# document root -- TODO confirm.
# NOTE(review): $1 is client-supplied and is echoed into the Location header;
# confirm with a test request that a path beginning with an extra slash cannot
# produce a scheme-relative ("//host") Location.
# NOTE(review): R=301 is applied to every method; clients that POST to a
# slash-terminated URL will typically retry as GET and lose the body.
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Front Controller Pattern
# Any request that is neither an existing file nor an existing directory is
# handed to index.php with the original path in the "url" parameter; QSA keeps
# the client's query string and L ends this pass.
# NOTE(review): this catch-all is placed BEFORE the API, QR, user and admin
# rules further down. Those paths (dashboard, qr/<id>, admin/users,
# api/v1/upload, ...) are normally not files on disk, so they match here first
# and are sent to index.php?url=... instead of index.php?page=... or the API
# scripts. If the specific rules are meant to take effect, this rule has to be
# the LAST rewrite rule in the file. Confirm which parameter index.php
# actually routes on before reordering.
# "url" carries an arbitrary client-chosen path; index.php must treat it as
# untrusted (never as a file name to include or read).
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]

# API Routing
# NOTE(review): the first rule rewrites every api/v1/ path to itself and
# carries [L], so processing stops there and the three specific rules below it
# can never match. If a pass-through for existing API files is intended, it
# belongs AFTER the specific rules (e.g. "RewriteRule ^api/v1/ - [L]").
# The front-controller catch-all earlier in this file also matches these paths
# first when no such file exists on disk.
RewriteRule ^api/v1/(.*)$ api/v1/$1 [L]
# "path" receives whatever follows the prefix, unfiltered ((.*) matches any
# characters); analytics.php and templates.php must validate it and must not
# use it as a filesystem path.
RewriteRule ^api/v1/analytics/(.*)$ api/v1/analytics.php?path=$1 [QSA,L]
RewriteRule ^api/v1/templates/(.*)$ api/v1/templates.php?path=$1 [QSA,L]
# Upload endpoint: authentication, file-type and size checks are not visible
# in this file and have to be enforced in upload.php -- TODO confirm.
RewriteRule ^api/v1/upload$ api/v1/upload.php [QSA,L]

# QR code scanning
# Pretty URLs for a single QR code: view/scan, edit, and per-code analytics.
# The id is limited to ASCII letters and digits by the pattern, but only on
# this route: index.php?page=...&id=... can be requested directly with any
# value, so index.php must validate "id" itself.
# No QSA flag: the client's original query string is dropped on these routes.
# NOTE(review): the edit and analytics pages are selected purely by URL here;
# ownership/authorization checks must live in the application.
RewriteRule ^qr/([a-zA-Z0-9]+)$ index.php?page=scan&id=$1 [L]
RewriteRule ^qr/([a-zA-Z0-9]+)/edit$ index.php?page=edit-qr&id=$1 [L]
RewriteRule ^qr/([a-zA-Z0-9]+)/analytics$ index.php?page=qr-analytics&id=$1 [L]

# User pages
# Fixed, exact-match routes mapped to index.php with a "page" selector.
# NOTE(review): these only take effect if they are evaluated before the
# front-controller catch-all earlier in this file; as ordered now that rule
# claims the same paths first.
# NOTE(review): logout is reachable by a plain GET through this route; confirm
# the application requires a CSRF token or POST before ending the session.
RewriteRule ^dashboard$ index.php?page=dashboard [L]
RewriteRule ^my-qrcodes$ index.php?page=my-qrcodes [L]
RewriteRule ^analytics$ index.php?page=analytics [L]
RewriteRule ^templates$ index.php?page=templates [L]
RewriteRule ^settings$ index.php?page=settings [L]
RewriteRule ^login$ index.php?page=login [L]
RewriteRule ^register$ index.php?page=register [L]
RewriteRule ^logout$ index.php?page=logout [L]

# Admin pages
# Exact-match routes for the admin area, mapped to index.php "page" values.
# These rules are routing only and provide no access control: the same pages
# can be requested as index.php?page=admin-... without the /admin/ prefix, so
# the role check has to be enforced inside index.php for every admin-* page.
# NOTE(review): like the user routes, these are shadowed by the
# front-controller catch-all earlier in this file unless that rule is moved
# to the end.
RewriteRule ^admin/dashboard$ index.php?page=admin-dashboard [L]
RewriteRule ^admin/users$ index.php?page=admin-users [L]
RewriteRule ^admin/qr-codes$ index.php?page=admin-qr-codes [L]
RewriteRule ^admin/analytics$ index.php?page=admin-analytics [L]
RewriteRule ^admin/settings$ index.php?page=admin-settings [L]

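# Security Headers
# "always" attaches the headers to error and redirect responses as well as
# successful ones; a plain "Header set" only covers the success path, which
# would leave the 403/404/500 pages without them.
# If the PHP application emits any of these headers itself, check the response
# for duplicates after this change.
<IfModule mod_headers.c>
    # Stop browsers from MIME-sniffing responses into a different type.
    Header always set X-Content-Type-Options "nosniff"
    # Forbid framing of every page (clickjacking defence).
    Header always set X-Frame-Options "DENY"
    # Legacy header: current browsers ignore it. It is kept with its original
    # value; it is not a substitute for a Content-Security-Policy, which this
    # file does not set.
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # Disables camera, microphone and geolocation for all origins, including
    # this site's own pages.
    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
    # NOTE(review): no Strict-Transport-Security header is set here; add one
    # once HTTPS is enforced for the whole site.
</IfModule>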

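# Caching for static assets
# One-year public caching for images, stylesheets, scripts and fonts.
# Wrapped in IfModule like the security headers: an unguarded Header directive
# makes every request fail with a 500 if mod_headers is not loaded.
# NOTE(review): "public" lets shared caches store these responses. If any
# per-user file (e.g. a private QR image) is served under one of these
# extensions from this tree, it would be cached publicly too -- confirm.
<IfModule mod_headers.c>
    <FilesMatch "\.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$">
        Header set Cache-Control "max-age=31536000, public"
    </FilesMatch>
</IfModule>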

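# Protect sensitive files
# Access control uses the Apache 2.4 directive (mod_authz_core) when it is
# available and falls back to the 2.2-style Order/Deny pair otherwise. The
# 2.2 syntax alone depends on mod_access_compat on a 2.4 server and breaks the
# whole site with a 500 when that module is absent.

# Dotfiles (.htaccess, .env, .user.ini, ...).
# FilesMatch tests the file name only, so files INSIDE a dot-directory (for
# example .git/config) are not covered by this block; keep such directories
# out of the document root or block them separately.
<FilesMatch "^\.">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Database dumps, logs, ini files, PHP source views and alternate PHP
# extensions. The pattern is anchored on the final extension, so names such as
# backup.sql.gz or error.log.1 are NOT matched.
<FilesMatch "\.(sql|log|ini|phps|phtml|php[0-9])$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>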

# Compress text files
# Enables DEFLATE for HTML, plain text, XML, CSS, JavaScript and JSON
# responses when mod_deflate is loaded.
# NOTE(review): text/html and application/json cover dynamic responses too.
# Compressing a TLS response that contains both a secret (CSRF token, session
# data) and reflected request input is the precondition for BREACH-style
# length side channels; confirm tokens are per-request or masked, or exclude
# such responses from compression.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>

# Error documents
# Custom pages for not-found, forbidden and server-error responses. The paths
# are root-relative, so the scripts must exist in the document root.
# NOTE(review): these pages are PHP scripts; make sure they do not echo the
# requested URL or error details unescaped, and note that 500.php cannot
# render when PHP itself is the cause of the failure.
ErrorDocument 404 /404.php
ErrorDocument 403 /403.php
ErrorDocument 500 /500.php

# Prevent directory listing
# Directories without an index file return an error instead of an
# auto-generated file list. Requires AllowOverride to permit Options.
Options -Indexes

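# Set PHP settings
# Upload/post size limit of 10M and 300-second execution/input time limits.
# php_value only takes effect when PHP runs as an Apache module, and the
# module identifier differs by major version: mod_php7.c for PHP 7, mod_php.c
# for PHP 8. The handler at the end of this file selects ea-php81, so the
# mod_php7.c block alone would be skipped on this site; the same values are
# therefore repeated for mod_php.c.
# NOTE(review): if PHP is served through CGI/FPM/LSAPI rather than as an
# Apache module, neither block applies and the limits must be set in php.ini
# or .user.ini. Verify the effective values on the server.
# NOTE(review): 300-second limits let a single slow request hold a worker for
# five minutes; confirm the upload path really needs that much.
<IfModule mod_php7.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value max_execution_time 300
    php_value max_input_time 300
</IfModule>
<IfModule mod_php.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value max_execution_time 300
    php_value max_input_time 300
</IfModule>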

# NOTE(review): the section between the BEGIN/END markers below is written by
# cPanel; change the PHP version through cPanel instead of editing it here.
# It maps .php, .php8 and .phtml to the PHP 8.1 handler. Of these, .phtml and
# .php8 are denied by the sensitive-files FilesMatch earlier in this file, so
# only .php remains reachable.
# AddHandler matches on any dot-separated extension in a file name, not just
# the last one. Upload code must therefore generate its own file names (or
# store uploads outside the web root) rather than keep client-supplied names
# in a web-served directory.
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
